CN106657045B - Multi-network integrated security and authentication method and system - Google Patents


Info

Publication number
CN106657045B
Authority
CN
China
Prior art keywords
network
password
user
user side
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611143709.2A
Other languages
Chinese (zh)
Other versions
CN106657045A (en)
Inventor
翁印嵩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Individual
Priority to CN201611143709.2A
Publication of CN106657045A
Priority to PCT/CN2017/115055 (WO2018108022A1)
Application granted
Publication of CN106657045B
Legal status: Active

Classifications

    • H: ELECTRICITY › H04: ELECTRIC COMMUNICATION TECHNIQUE › H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 63/00: Network architectures or network communication protocols for network security › H04L 63/08: for authentication of entities › H04L 63/083: using passwords
    • H: ELECTRICITY › H04: ELECTRIC COMMUNICATION TECHNIQUE › H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 63/00: Network architectures or network communication protocols for network security › H04L 63/08: for authentication of entities › H04L 63/0876: based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention relates to a multi-network integrated security and authentication method comprising the following steps. S1: a multi-network fusion module is provided and is connected to the Internet and to a telecommunication network at the same time. S2: the multi-network fusion module exchanges security information with the user side over a channel of the telecommunication network, relying on the identity authentication that the telecommunication network itself provides. Because the security information is exchanged over the telecommunication channel on the basis of telecommunication identity authentication, no third-party cloud takes part at any point; the drawbacks of the prior art are avoided, and the method is secure, reliable and difficult to attack.

Description

Multi-network integrated security and authentication method and system
Technical Field
The invention relates to the field of network and telephone communication, in particular to a multi-network integrated security and authentication method and system.
Background
With the development of technology, remotely controlling devices or remotely storing information over the Internet is becoming increasingly common, for example in smart-home control and Internet-of-Things applications, but security remains a problem. People employ a range of modern technologies, such as VPNs, complex encryption algorithms and large cloud services, which increase both the complexity and the cost to the user, and yet, because of the openness of the Internet, the security problem is never completely solved. How to construct a secure, low-cost control method for ordinary users has become a problem that must be faced.
Secure transmission of any information requires encryption, preferably a dynamic encryption method, but transmitting the dynamic password is the difficult point. In addition, devices connected to the Internet communicate by routing on IP addresses, and those addresses are often dynamic, so informing the other party of one's own IP address, together with the related identity authentication, is also a key issue.
Fig. 1 shows a common method, in which the relevant functions are implemented through a third party's cloud or server. The relevant device 200 accesses the Internet through gateway A, and the user terminal B also accesses the Internet; the cloud C provides the relevant application software, both ends of the communication, A and B, must register with the cloud C, and A or B then logs in to the cloud to initiate communication. Throughout the process the cloud C performs the security authentication of A and B, a communication link from A to C to B (or from A to B) is finally constructed, and B then controls device 200. Because of the nature of the Internet, the various Internet-based security authentication algorithms currently struggle to guarantee security; for example, transmitting a dynamic password is difficult, and it can easily be eavesdropped on, intercepted or tampered with. For this reason the security method shown in fig. 2 was developed.
As shown in fig. 2, the cloud or server C sends a verification code by the Short Message Service (SMS) of the telecommunication network, and the user B enters that code when logging in to the cloud C, which completes identity authentication. However, the SMS verification code must be sent in the clear and is not absolutely secure. All of the above methods are mediated and managed by the cloud C, and they are completely ineffective against attacks by people inside the cloud.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a secure and reliable multi-network-convergence security and authentication method and system that does not require the participation of a third-party cloud.
The technical scheme adopted by the invention for solving the technical problems is as follows: a multi-network integrated security and authentication method is constructed, and the method comprises the following steps:
S1: setting a multi-network fusion module, and simultaneously connecting the Internet and a telecommunication network;
S2: the multi-network fusion module performs security information interaction with a user side on the basis of identity authentication of telecommunication through a channel of the telecommunication network; the security information comprises an encrypted dynamic password Kd and an IP address of the Internet;
the step S2 includes a step S21:
S21-1: the multi-network fusion module randomly generates a dynamic password Kd, encrypts the dynamic password Kd with a registration password Kr to generate first data D1, and then sends the first data D1 to the user side through a channel of the telecommunication network;
S21-2: the user side decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
S21-3: the user side encrypts a user password Ku with the dynamic password Kd to generate second data D2, and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
S21-4: the multi-network fusion module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and exchanges the IP address only if the two are identical;
or, the step S2 includes the step S22:
S22-1: the user side randomly generates a dynamic password Kd, encrypts the dynamic password Kd with a registration password Kr to generate first data D1, and then sends the first data D1 to the multi-network fusion module through a channel of the telecommunication network;
S22-2: the multi-network fusion module decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
S22-3: the user side encrypts a user password Ku with the dynamic password Kd to generate second data D2, and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
S22-4: the multi-network fusion module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and exchanges the IP address only if the two are identical;
wherein the interaction of the IP addresses in steps S21 and S22 comprises: the multi-network convergence module sends its IP address to the user side, or the user side sends its IP address to the multi-network convergence module.
Preferably, the step S21-2 includes: the user side receives the first data D1 transmitted over the telecommunication network, identifies the CID signal, and decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
the step S21-4 includes: the multi-network fusion module receives the second data D2 transmitted over the telecommunication network, identifies the CID signal, decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku held by the multi-network fusion module;
after the step S21-4, the method further includes: and the user side and the multi-network fusion module communicate through the Internet according to the obtained IP address and the dynamic password Kd.
Preferably, before the step S21-1, the method further includes:
the multi-network fusion module sends information to the user side;
the user side receives the information, identifies the CID signal and calls back the multi-network fusion module;
the multi-network fusion module receives the callback, identifies the CID signal and goes off-hook, establishing channel communication over the telecommunication network with the user side;
after the step S21-4, the method further includes: and the user side and the multi-network fusion module communicate through the Internet according to the obtained IP address and the dynamic password Kd.
Preferably, before the step S21-1, the method further includes:
the multi-network convergence module calls the user side;
the user side receives the call signal, identifies the CID signal and goes off-hook, establishing channel communication over the telecommunication network with the multi-network convergence module;
after the step S21-4, the method further includes: and the user side and the multi-network fusion module communicate through the Internet according to the obtained IP address and the dynamic password Kd.
Preferably, before the step S21-1, the method further includes:
the user side sends information to the multi-network fusion module;
the multi-network fusion module receives the information, identifies the CID signal and calls back the user side;
the user side receives the callback, identifies the CID signal and goes off-hook, establishing channel communication over the telecommunication network with the multi-network fusion module;
after the step S21-4, the method further includes: and the user side and the multi-network fusion module communicate through the Internet according to the obtained IP address and the dynamic password Kd.
Preferably, before the step S21-1, the method further includes:
the user side calls the multi-network convergence module;
the multi-network integration module receives the call, identifies a CID signal and carries out off-hook, and establishes channel communication of a telecommunication network with the user side;
after the step S21-4, the method further includes: and the user side and the multi-network fusion module communicate through the Internet according to the obtained IP address and the dynamic password Kd.
Preferably, the registration password Kr is generated when the user terminal registers with the multi-network convergence module, and the registration password Kr is a key pair comprising a first key K1 and a second key K2;
in the step of generating the first data D1 by encrypting the dynamic password Kd with the registration password Kr, the first data D1 is generated by encrypting the dynamic password Kd with the first key K1;
in the step of decrypting the first data D1 with the registration password Kr to obtain the dynamic password Kd, decrypting the first data D1 with the first key K1 to obtain the dynamic password Kd;
in the step of generating the second data D2 by encrypting the user password Ku with the dynamic password Kd, the dynamic password Kd and the user password Ku are first combined by an operation to obtain an intermediate code Kdu, and the intermediate code Kdu is then encrypted with the second key K2 to generate the second data D2;
in the step of decrypting the second data D2 with the dynamic password Kd to obtain the user password Ku, the second data D2 is decrypted with the second key K2 to obtain the intermediate code Kdu, and the inverse operation is then applied to the intermediate code Kdu and the dynamic password Kd to recover the user password Ku.
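As an added example (not code from the patent), the S21 exchange of steps S21-1 to S21-4 above is simulated in Python with the two-key registration password Kr = (K1, K2) of this variant, both sides checking the CID of each incoming message as the preferred embodiments describe. The cipher (a SHA-256 keystream with an HMAC tag), the XOR used as the unspecified "operation" combining Kd and Ku, and all phone numbers, IP addresses and passwords are assumptions introduced here.

```python
import hashlib
import hmac
import os
import secrets

# Stand-in authenticated stream cipher (SHA-256 keystream + HMAC-SHA256 tag); assumed here because
# the patent does not name the cipher used for D1 and D2.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Assumed invertible "operation" combining Kd and Ku into Kdu; result is as long as the shorter input.
    return bytes(x ^ y for x, y in zip(a, b))


class FusionModule:
    """Multi-network fusion module: stores Kr = (K1, K2) and Ku per registered user CID."""
    def __init__(self, number: str, ip: str):
        self.number, self.ip = number, ip
        self.users = {}     # user CID -> (K1, K2, Ku)
        self.pending = {}   # user CID -> Kd issued in S21-1, awaiting D2

    def register(self, user_cid: str, ku: bytes):
        # Registration: generate the key pair Kr = (K1, K2) and keep the user password Ku.
        k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
        self.users[user_cid] = (k1, k2, ku)
        return k1, k2

    def step_s21_1(self, user_cid: str):
        # S21-1: random Kd, D1 = E_K1(Kd), sent on the telecom channel tagged with the module's CID.
        k1, _, _ = self.users[user_cid]
        kd = secrets.token_bytes(32)
        self.pending[user_cid] = kd
        return (self.number, encrypt(k1, kd))

    def step_s21_4(self, msg):
        # S21-4: check the CID of the incoming D2, recover Ku with K2 and Kd, compare with stored Ku.
        cid, d2 = msg
        if cid not in self.users or cid not in self.pending:
            return None                       # unknown or unexpected caller: no IP exchange
        _, k2, ku_stored = self.users[cid]
        kd = self.pending.pop(cid)            # Kd is single-use
        try:
            ku = xor_bytes(decrypt(k2, d2), kd)
        except ValueError:
            return None
        if not hmac.compare_digest(ku, ku_stored):
            return None
        return (self.number, self.ip)         # IP address interaction: module sends its own IP


class UserSide:
    """User side (phone): holds Kr = (K1, K2) from registration and its own password Ku."""
    def __init__(self, number: str, module_number: str, k1: bytes, k2: bytes, ku: bytes):
        self.number, self.module_number = number, module_number
        self.k1, self.k2, self.ku = k1, k2, ku
        self.kd = None

    def steps_s21_2_3(self, msg):
        # S21-2: check the CID, decrypt D1 with K1 to get Kd.
        # S21-3: Kdu = Kd op Ku, D2 = E_K2(Kdu), sent back tagged with the user's CID.
        cid, d1 = msg
        if cid != self.module_number:
            raise ValueError("D1 did not come from the registered module CID")
        self.kd = decrypt(self.k1, d1)
        return (self.number, encrypt(self.k2, xor_bytes(self.kd, self.ku)))


def run_s21(user_ku_attempt=None, spoof_cid=None):
    """One S21 exchange; returns (module IP learned by the user, Kd agreed) or None if rejected."""
    ku = b"correct-horse-battery-staple"          # constructed Ku (at most 32 bytes for the XOR)
    module_cid, user_cid = "+86-10-0000-0001", "+86-139-0000-0002"   # constructed numbers
    module = FusionModule(module_cid, "203.0.113.10")                # constructed documentation IP
    k1, k2 = module.register(user_cid, ku)
    user = UserSide(user_cid, module_cid, k1, k2, user_ku_attempt or ku)
    d1_msg = module.step_s21_1(user_cid)
    module_kd = module.pending[user_cid]
    cid, d2 = user.steps_s21_2_3(d1_msg)
    reply = module.step_s21_4((spoof_cid or cid, d2))   # spoof_cid simulates a forged caller ID on D2
    if reply is None:
        return None
    return reply[1], user.kd == module_kd
```

`run_s21()` returns the module's IP and confirms both sides hold the same Kd; a wrong Ku or a D2 arriving under an unregistered CID yields `None` and no IP is disclosed.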
The invention also provides a multi-network converged security and authentication system, which comprises a multi-network converged module and a user side, wherein the multi-network converged module is simultaneously connected with the Internet and the telecommunication network; the multi-network fusion module performs security information interaction with a user side on the basis of identity authentication of telecommunication through a channel of the telecommunication network; the security information comprises an encrypted dynamic password Kd and an IP address of the Internet; the multi-network fusion module and the user side perform interaction of an encrypted dynamic password Kd and an Internet Protocol (IP) address by adopting the method of the step S21 or the step S22 in the multi-network fusion security and authentication method;
wherein the interaction of the IP address comprises: the multi-network convergence module sends its IP address to the user side, or the user side sends its IP address to the multi-network convergence module.
Preferably, the multi-network fusion module comprises an algorithm module and a control logic module; the algorithm module communicates with the outside through a channel of a telecommunication network and instructs the control logic module to act; the control logic module is used for logically connecting the controlled object to the Internet or the telecommunication network.
Preferably, the multi-network fusion module is arranged in a personal computer, a tablet computer and/or a home gateway; the user side is a smart phone, a tablet computer and/or a personal computer.
The implementation of the invention has the following beneficial effects: the security information is exchanged with the user side over a channel of the telecommunication network on the basis of the telecommunication identity authentication, no third-party cloud takes part at any point, the drawbacks of the prior art are avoided, and the method is secure, reliable and difficult to attack.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a diagram illustrating a prior art method for communication via a cloud or server of a third party;
FIG. 2 is a diagram illustrating a prior art technique for implementing communication via SMS;
FIG. 3 is a schematic diagram of one embodiment of a multi-network converged security and authentication system of the present invention;
FIG. 4 is a schematic diagram of a first embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 5 is a schematic diagram of a second embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 6 is a schematic diagram of a third embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 7 is a schematic diagram of a fourth embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 8 is a schematic diagram of a fifth embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 9 is a schematic diagram of a sixth embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 10 is a schematic diagram of a seventh embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 11 is a schematic diagram of an eighth embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 12 is a schematic diagram of a ninth embodiment of the multi-network converged security and authentication method of the present invention;
FIG. 13 is a schematic diagram of a tenth embodiment of a multi-network converged security and authentication method of the present invention;
FIG. 14 is a schematic diagram of an embodiment of an encryption method of the multi-network converged security and authentication method of the present invention.
Detailed Description
As shown in fig. 3, the embodiment of the multi-network converged security and authentication system of the present invention includes a multi-network convergence module 100, connected to the Internet and the telecommunication network at the same time, and a user side UU. The multi-network convergence module 100 performs security information interaction with the UU over a channel of the telecommunication network on the basis of the telecommunication network's identity authentication, for example the Calling Line Identification (CID) of the telecommunication network, or a credential issued by a telecommunication operator for identity authentication, such as a SIM card, an eSIM or a U-key.
In the present embodiment, the multi-network convergence module 100 includes an algorithm module 110 and a control logic module 120. Wherein the algorithm module 110 communicates with the outside world through a channel of the telecommunication network and instructs the control logic module 120 to act; the control logic module 120 is used to logically connect a controlled object, such as a device or information 200 to be controlled, to the internet or to a telecommunication network, so that the devices or information can be logically controlled or interacted with through the internet or the telecommunication network.
The multi-network convergence module 100 may be disposed in a personal computer, a tablet computer, and/or a home gateway; the user end UU can be a smart phone, a tablet computer and/or a personal computer.
In one embodiment of the system, a multi-network fusion module is arranged and is simultaneously connected with the Internet and a telecommunication network; the multi-network fusion module performs security information interaction with the user side on the basis of the identity authentication of the telecommunication through a channel of the telecommunication network. The security information may be an encrypted password, an IP address of the internet, or the like.
As shown in fig. 4, which is a first embodiment of the security and authentication method for multi-network convergence of the present invention, a multi-network convergence module 100 is provided to connect with the internet and the telecommunication network at the same time. The multi-network convergence module can be arranged in any internet device, such as, but not limited to, the following devices: PCs, tablets, home gateways, etc. The user end UU can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunications network may be wired or wireless channels.
When the multi-network convergence module needs to contact the user side, the multi-network convergence module generates a dynamic password Kd, then encrypts the dynamic password Kd by using the registration code Kr to generate first data D1, and sends the first data D1 to the user side through a channel of a telecommunication network;
the user end receives the first data D1 transmitted from the telecommunication network, identifies the CID signal and decrypts the first data D1 with the registration code Kr to obtain the dynamic password Kd;
the user side encrypts the user password Ku by using the dynamic password Kd to generate second data D2 and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
the multi-network fusion module receives the second data D2 transmitted over the telecommunication network, identifies the CID signal, decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku held by the multi-network fusion module, and sends its IP address to the user side if the two are identical; or the user side sends its IP address to the multi-network convergence module;
the user side and the multi-network fusion module communicate (such as IP routing and information interaction) through the Internet according to the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted using the dynamic password Kd.
It can be understood that when the first data D1 and the second data D2 are transmitted through the telecommunication network, the switch of the telecommunication network generates a CID signal, and the CID signal is obtained by activating the caller id service at the user terminal and the multi-network convergence module.
As shown in fig. 5, which is a second embodiment of the security and authentication method for multi-network convergence of the present invention, a multi-network convergence module 100 is provided to connect the internet and the telecommunication network at the same time. The multi-network convergence module can be arranged in any internet device, such as, but not limited to, the following devices: PCs, tablets, home gateways, etc. The user side can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunications network may be wired or wireless channels.
When the multi-network convergence module needs to contact a user side, the multi-network convergence module sends information to the user side;
the user side receives the information transmitted by the telecommunication network, identifies the CID signal and calls back the multi-network fusion module;
the multi-network fusion module receives the callback transmitted over the telecommunication network, identifies the CID signal and goes off-hook, establishing channel communication over the telecommunication network with the user side;
the multi-network fusion module randomly generates a dynamic password Kd, encrypts the dynamic password Kd by using a registration code Kr to generate first data D1, and then sends the first data D1 to a user side through a channel of a telecommunication network;
the user side decrypts the first data D1 by using the registration code Kr to obtain a dynamic password Kd;
the user side encrypts the user password Ku by using the dynamic password Kd to generate second data D2 and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
the multi-network fusion module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and sends its IP address to the user side if the two are identical; or the user side sends its IP address to the multi-network convergence module;
the user side and the multi-network fusion module communicate (such as IP routing and information interaction) through the Internet according to the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted using the dynamic password Kd.
It can be understood that when the information and the call back are transmitted through the telecommunication network, the switch of the telecommunication network can generate the CID signal, and the CID signal can be obtained by activating the caller identification service at the user terminal and the multi-network convergence module.
As shown in fig. 6, which is a third embodiment of the security and authentication method for multi-network convergence according to the present invention, a multi-network convergence module 100 is provided to connect the internet and the telecommunication network at the same time. The multi-network convergence module can be arranged in any internet device, such as, but not limited to, the following devices: PCs, tablets, home gateways, etc. The user side can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunications network may be wired or wireless channels.
When the multi-network convergence module needs to contact the user side, the multi-network convergence module calls the user side;
the user side receives the call signal, identifies the CID signal and goes off-hook, establishing channel communication over the telecommunication network with the multi-network convergence module;
the multi-network fusion module randomly generates a dynamic password Kd, encrypts the dynamic password Kd by using a registration code Kr to generate first data D1, and then sends the first data D1 to a user side through a channel of a telecommunication network;
the user side decrypts the first data D1 by using the registration code Kr to obtain a dynamic password Kd;
the user side encrypts the user password Ku by using the dynamic password Kd to generate second data D2 and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
the multi-network fusion module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and sends its IP address to the user side if the two are identical; or the user side sends its IP address to the multi-network convergence module;
the user side and the multi-network fusion module communicate (such as IP routing and information interaction) through the Internet according to the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted using the dynamic password Kd.
It can be understood that, when the call signal is transmitted through the telecommunication network, the switch of the telecommunication network will generate the CID signal, and the CID signal can be obtained by activating the caller identification service at the user terminal and the multi-network convergence module.
As shown in fig. 7, which is a fourth embodiment of the security and authentication method for multi-network convergence according to the present invention, a multi-network convergence module 100 is provided to connect the internet and the telecommunication network at the same time. The multi-network convergence module can be arranged in any internet device, such as, but not limited to, the following devices: PCs, tablets, home gateways, etc. The user side can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunications network may be wired or wireless channels.
When a user side needs to contact the multi-network convergence module, the user side sends information to the multi-network convergence module;
the multi-network fusion module receives the information transmitted by the telecommunication network, identifies the CID signal and calls back the user side;
the user side receives the callback transmitted by the telecommunication network, recognizes the CID signal and picks up the phone, and establishes channel communication of the telecommunication network with the multi-network fusion module;
the multi-network fusion module randomly generates a dynamic password Kd, encrypts the dynamic password Kd by using a registration code Kr to generate first data D1, and then sends the first data D1 to a user side through a channel of a telecommunication network;
the user side decrypts the first data D1 by using the registration code Kr to obtain a dynamic password Kd;
the user side encrypts the user password Ku by using the dynamic password Kd to generate second data D2 and sends the second data D2 to the multi-network fusion module through a channel of the telecommunication network;
the multi-network fusion module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and sends its IP address to the user side if the two are identical; or the user side sends its IP address to the multi-network convergence module;
the user side and the multi-network fusion module communicate (such as IP routing and information interaction) through the Internet according to the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted using the dynamic password Kd.
It can be understood that when the information and the call back are transmitted through the telecommunication network, the switch of the telecommunication network can generate the CID signal, and the CID signal can be obtained by activating the caller identification service at the user terminal and the multi-network convergence module.
Fig. 8 shows a fifth embodiment of the multi-network converged security and authentication method of the present invention. A multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time. The module can be arranged in any Internet device, such as, but not limited to, a PC, a tablet or a home gateway. The user side can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunication network may be wired or wireless.
When the user side needs to contact the multi-network convergence module, the user side calls the multi-network convergence module;
the multi-network integration module receives the call transmitted through the telecommunication network, identifies the CID signal, goes off-hook and establishes channel communication over the telecommunication network with the user side;
the multi-network fusion module randomly generates a dynamic password Kd, encrypts Kd with the registration code Kr to generate first data D1, and sends D1 to the user side through a channel of the telecommunication network;
the user side decrypts D1 with the registration code Kr to obtain the dynamic password Kd;
the user side encrypts the user password Ku with Kd to generate second data D2 and sends D2 to the multi-network fusion module through a channel of the telecommunication network;
the multi-network fusion module decrypts D2 with Kd to obtain the user password Ku and compares it with the user password Ku it has stored; if the two are the same, it sends its IP address to the user side, or the user side and the multi-network convergence module exchange the user side's IP address;
the user side and the multi-network fusion module then communicate over the Internet (IP routing and information exchange) using the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted with the dynamic password Kd.
Fig. 9 shows a sixth embodiment of the multi-network converged security and authentication method of the present invention. A multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time. The multi-network integration module is arranged in a home gateway and is connected to the telecommunication network through the PSTN. The user side is a smart phone using a 4G network.
When the smart phone UU registers with the multi-network fusion module 100 of the home gateway, a key pair K1 and K2 is generated and the user sets a user password Ku; Ku is stored in the home gateway, and K1 and K2 are stored on both end devices.
When the home gateway detects a situation that requires contacting the user, the multi-network fusion module 100 sends a message to the mobile phone UU through the PSTN;
the mobile phone UU receives the message transmitted by the telecommunication network, recognizes the CID signal, confirms that the message was sent by the home gateway, and then calls back the multi-network fusion module 100 through the 4G and PSTN networks;
after recognizing the CID signal and confirming that the call is an incoming call from the user's UU, the multi-network fusion module 100 goes off-hook and establishes channel communication over the telecommunication network with the user side;
the multi-network fusion module then randomly generates a dynamic password Kd, encrypts Kd with the first key K1 of the key pair to generate D1, and sends D1 to the mobile phone UU;
after receiving D1, the UU decrypts it with K1 to obtain Kd;
the user then enters the user password Ku; the UU combines Ku with Kd by a reversible operation to generate the intermediate code Kdu, encrypts Kdu with K2 to generate D2, and sends D2 to the multi-network fusion module 100;
after receiving D2, the multi-network fusion module 100 decrypts it with K2 to obtain Kdu, reverses the operation with Kd to recover Ku, and compares Ku with the password Ku set by the user and held in its memory; if they are the same, the security authentication passes and the two parties can exchange IP addresses;
once the UU has obtained the IP address of the home gateway, it can initiate the Internet connection to that address; once the connection is established, both parties can communicate, and all communication is encrypted with the dynamic password Kd. Each new connection uses a freshly generated dynamic password, so that the security of the exchange is maintained.
Fig. 10 shows a seventh embodiment of the multi-network converged security and authentication method of the present invention. A multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time. The multi-network integration module 100 is arranged in a tablet computer that is connected to the Internet through WiFi and to the telecommunication wireless network through 4G; the user end UU is a 4G tablet computer.
When the user side UU registers with the multi-network integration module 100, a registration password Kr is generated and the user sets a user password Ku; Ku is stored in the tablet computer where the multi-network convergence module 100 is located, and Kr is stored on both end devices.
When the multi-network integration module 100 detects a situation in which the user needs to be contacted, it sends a message to the UU through 4G;
the UU receives the message transmitted through the 4G network, recognizes the CID signal, confirms that the message was sent by the multi-network convergence module 100, and then calls back the multi-network convergence module 100 through the 4G network;
the multi-network convergence module 100 receives the callback transmitted through the 4G network, recognizes the CID signal, confirms that the call is an incoming call from the user's UU, and goes off-hook to establish channel communication with the user side.
Then the user-side UU randomly generates a dynamic password Kd (in this embodiment the user side, not the module, generates Kd), encrypts Kd with Kr to generate D1, and sends D1 to the multi-network fusion module 100;
the multi-network fusion module 100 receives D1 and decrypts it with Kr to obtain Kd;
the user enters the user password Ku, and the UU encrypts Ku with Kd to generate D2 and sends D2 to the multi-network fusion module 100.
After receiving D2, the multi-network fusion module 100 decrypts it with Kd to obtain Ku and compares Ku with the password Ku set by the user and held in its memory; if they are the same, the security authentication passes and the two parties can exchange IP addresses;
after the UU obtains the IP address of the tablet computer where the multi-network convergence module 100 is located, it can initiate the Internet connection to that address; once the connection is established, the two parties can communicate, and all communication is encrypted with the dynamic password Kd.
Fig. 11 shows an eighth embodiment of the multi-network converged security and authentication method of the present invention, in which the multi-network convergence module 100 is arranged in a PC that is connected to the Internet through optical fiber and to the telecommunication network through the PSTN; the user side UU is also a PC, connected to the respective networks through optical fiber and the PSTN.
When the user side UU registers with the multi-network integration module 100, a registration password Kr is generated and the user sets a user password Ku; Ku is stored in the PC where the multi-network convergence module 100 is located, and Kr is stored on both end devices.
When the user end UU needs to contact the PC where the multi-network convergence module 100 is located, the UU calls the multi-network convergence module 100 through the PSTN;
the multi-network convergence module 100 receives the call transmitted through the PSTN, recognizes the CID signal, and goes off-hook after confirming that the call is an incoming call from the user end UU.
Then the multi-network fusion module 100 generates a dynamic password Kd, encrypts Kd with Kr to generate D1, and sends D1 to the UU;
after receiving D1, the UU decrypts it with Kr to obtain Kd;
the user enters the user password Ku, and the UU encrypts Ku with Kd to generate D2 and sends D2 to the multi-network fusion module 100.
After receiving D2, the multi-network fusion module 100 decrypts it with Kd to obtain Ku and compares Ku with the password Ku set by the user and held in its memory; if they are the same, the security authentication passes and the two parties can exchange IP addresses;
after the UU obtains the IP address of the PC where the multi-network convergence module 100 is located, it can initiate the Internet connection to that address; once the connection is established, both parties can communicate, and all communication is encrypted with the password Kd.
Fig. 12 shows a ninth embodiment of the multi-network converged security and authentication method of the present invention, in which the multi-network convergence module 100 is arranged in a PC that is connected to the Internet and to the PSTN respectively; the user end UU is a smart phone using a 4G network.
The PC is connected to the Internet through a NAT (network address translation) device: IP1 is its intranet address, while the public address and port actually reachable from the Internet are IP3:xx, so it is IP3:xx that the UU must be told. Two solutions are possible. In the first, at step 7 (the IP address exchange) the UU sends its own public address IP2 to the multi-network convergence module 100; the module initiates a first packet towards IP2, at which point the NAT allocates the mapping IP3:xx for that flow; the UU reads IP3:xx from the source address of the packet it receives and then initiates communication with the module at that address. For this to work the UU must answer from exactly the address and port it reported as IP2, since the NAT created the mapping for that destination. The second solution is a new protocol for the NAT that allows the device hosting the multi-network convergence module 100 to apply for a public address and port number in advance; for example, the NAT reserves IP3:xx for the module, and the module can then send IP3:xx to the UU directly at step 7.
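The following simulation, added here as an illustration and not code from the patent or its applicant, models both NAT solutions of this embodiment with a minimal address-restricted NAT: a public mapping IP3:xx comes into existence only when the inside host sends a packet out (first solution) or when it is reserved in advance (second solution), and an inbound packet is forwarded only if it comes from the endpoint the first packet was sent to. The NAT class, its port allocation and all addresses are assumptions for the example (documentation ranges, constructed here); the patent specifies none of them.

```python
"""Constructed simulation of the NAT rendezvous in the ninth embodiment."""


class Nat:
    """Minimal address-restricted NAT (assumption for this example).
    A public (IP3, port) mapping exists only after an inside host has sent a
    packet out, or after an explicit reservation (the second solution)."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (inside ip, inside port) -> public port
        self.inbound = {}    # public port -> (inside ip, inside port)
        self.peer = {}       # public port -> remote endpoint allowed to answer

    def _bind(self, inside: tuple) -> tuple:
        if inside not in self.outbound:
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[inside] = port
            self.inbound[port] = inside
        return (self.public_ip, self.outbound[inside])

    def send_out(self, src: tuple, dst: tuple) -> tuple:
        """Inside host sends a packet; returns (translated source, destination) as
        seen on the Internet. This is the moment IP3:xx is created."""
        public = self._bind(src)
        self.peer[public[1]] = dst          # only dst may answer on this mapping
        return (public, dst)

    def deliver_in(self, src: tuple, dst: tuple):
        """Packet from the Internet. Returns the inside endpoint it is forwarded
        to, or None (no mapping, wrong peer, or addressed to intranet IP1)."""
        if dst[0] != self.public_ip or dst[1] not in self.inbound:
            return None
        expected = self.peer.get(dst[1])    # None for reserved mappings
        if expected is not None and expected != src:
            return None
        return self.inbound[dst[1]]

    def reserve(self, inside: tuple) -> tuple:
        """Second solution: the module's host applies for IP3:xx in advance."""
        return self._bind(inside)


def first_solution(nat: Nat, module_inside: tuple, user_public: tuple) -> tuple:
    """Step 7 of the text: the UU has already reported IP2 over the telecom
    channel. The module sends a first packet to IP2; the UU learns IP3:xx from
    that packet's source address and replies to it."""
    seen_src, _ = nat.send_out(module_inside, user_public)
    reply_target = seen_src                 # the UU reads IP3:xx here
    return reply_target, nat.deliver_in(user_public, reply_target)


def direct_attempt(nat: Nat, user_public: tuple, module_inside: tuple):
    """What happens if the UU is simply told IP1: the NAT has no mapping."""
    return nat.deliver_in(user_public, module_inside)


if __name__ == "__main__":
    nat = Nat("203.0.113.5")                # constructed public address IP3
    ip1 = ("10.0.0.2", 5000)                # constructed intranet address IP1
    ip2 = ("198.51.100.7", 6000)            # constructed UU public address IP2
    print(direct_attempt(nat, ip2, ip1))    # None: IP1 is not reachable
    print(first_solution(nat, ip1, ip2))    # IP3:xx and the inside endpoint
    print(Nat("203.0.113.5").reserve(ip1))  # second solution: IP3:xx in advance
```

The check on `peer` is the practical caveat of the first solution: if the UU answers from a different port than the IP2 it reported (for instance because the UU itself sits behind a NAT that rewrites its source port), the reply is dropped. The reserved mapping of the second solution has no such restriction in this model, which is why the module can hand out IP3:xx before any packet has been sent.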
Fig. 13 shows a tenth embodiment of the multi-network converged security and authentication method of the present invention. A multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time. The module can be arranged in any Internet device, such as, but not limited to, a PC, a tablet or a home gateway. The user side can be a smart phone, a tablet computer, a PC and the like. The channels of the telecommunication network may be wired or wireless.
When the multi-network convergence module needs to contact the user side, it sends a message to the user side;
the user side receives the message transmitted by the telecommunication network, identifies the CID signal and calls back the multi-network fusion module;
the multi-network fusion module identifies the CID signal of the callback transmitted by the telecommunication network, goes off-hook and establishes channel communication over the telecommunication network with the user side;
the multi-network fusion module randomly generates a dynamic password Kd and sends it to the user side through a channel of the telecommunication network; in this embodiment Kd is carried on the telecommunication channel without being encrypted with a registration code, so its secrecy rests on that channel and on the CID-based identification of the two parties;
the user side sends its IP address to the multi-network convergence module, or the multi-network convergence module exchanges its IP address with the user side; the user side and the multi-network fusion module then communicate over the Internet using the obtained IP address and the dynamic password Kd.
It will be appreciated that the above information exchange may be encrypted with the dynamic password Kd.
It can be understood that when the message and the callback are transmitted through the telecommunication network, the switch of the telecommunication network generates the CID signal, which the user side and the multi-network convergence module obtain by activating the caller identification service.
Fig. 14 shows an embodiment of a key-pair encryption method that can be used in all the above embodiments. When the user side registers with the multi-network convergence module, a key pair consisting of a first key K1 and a second key K2 is generated;
in all the above embodiments, in the step of encrypting the dynamic password Kd with the registration code Kr to generate the first data D1, D1 is instead generated by encrypting Kd with the first key K1;
in the step of decrypting D1 with the registration code Kr to obtain Kd, the user side decrypts D1 with the first key K1 to obtain Kd;
in the step of encrypting the user password Ku with Kd to generate the second data D2, the user side first combines the dynamic password Kd and the user password Ku by a reversible operation to obtain an intermediate code Kdu, and then encrypts Kdu with the second key K2 to generate D2;
in the step of decrypting D2 with Kd to obtain Ku, the multi-network fusion module decrypts D2 with the second key K2 to obtain Kdu, and then reverses the operation with Kd to recover the user password Ku.
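The following Python program, added here as an illustration and not code from the patent or its applicant, runs the D1/D2 exchange of the fourth to eighth embodiments in both of its forms: the single registration code Kr, and the key pair K1/K2 with the intermediate code Kdu described for the sixth embodiment and fig. 14 above. The patent names neither the cipher nor the operation that combines Ku with Kd; the example assumes an encrypt-then-MAC construction built from HMAC-SHA256 for the former and XOR with a Kd-derived keystream for the latter, and the caller ID, password and IP address are constructed values. It also adds the checks a practitioner would want at step S21-4: a D2 that fails to authenticate is rejected, the stored Ku is compared in constant time, and no IP address is released unless both checks pass.

```python
import hashlib
import hmac
import secrets

# The patent names no cipher. This encrypt-then-MAC construction from HMAC-SHA256
# (keystream plus tag) stands in for "encrypt with Kr / Kd / K1 / K2"; a
# production system would use AES-GCM or another standard AEAD.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))

def mix(kd: bytes, value: bytes) -> bytes:
    """The unspecified 'operation' of Ku with Kd giving Kdu (assumption: XOR with
    a Kd-derived keystream, so mix(kd, mix(kd, ku)) == ku)."""
    return bytes(a ^ b for a, b in zip(value, _stream(kd, b"kdu", len(value))))

class FusionModule:
    """Multi-network convergence module: holds Ku and the registration keys."""
    def __init__(self, ip: str) -> None:
        self.ip, self.session_key = ip, None
        self.users = {}      # CID -> (registration keys, Ku)
        self.pending = {}    # CID -> Kd issued for the current call

    def register(self, cid: str, ku: bytes, key_pair: bool) -> tuple:
        # Kr alone, or the key pair (K1, K2) of the fig. 14 variant
        keys = tuple(secrets.token_bytes(32) for _ in range(2 if key_pair else 1))
        self.users[cid] = (keys, ku)
        return keys

    def step_1(self, cid: str) -> bytes:
        """S21-1: random Kd; D1 = Enc(Kr or K1, Kd), sent on the telecom channel."""
        kd = secrets.token_bytes(32)
        self.pending[cid] = kd
        return encrypt(self.users[cid][0][0], kd)

    def step_4(self, cid: str, d2: bytes):
        """S21-4: recover Ku from D2, compare it, release the IP only on success."""
        keys, ku_stored = self.users[cid]
        kd = self.pending.pop(cid)
        try:
            ku = decrypt(kd, d2) if len(keys) == 1 else mix(kd, decrypt(keys[1], d2))
        except ValueError:
            return None                              # D2 did not authenticate
        if not hmac.compare_digest(ku, ku_stored):   # constant-time comparison
            return None
        self.session_key = kd
        return self.ip

class UserSide:
    def __init__(self, keys: tuple, ku: bytes) -> None:
        self.keys, self.ku, self.session_key = keys, ku, None

    def steps_2_3(self, d1: bytes) -> bytes:
        """S21-2/S21-3: Kd = Dec(Kr or K1, D1); D2 = Enc(Kd, Ku) or Enc(K2, Kdu)."""
        kd = self.session_key = decrypt(self.keys[0], d1)
        if len(self.keys) == 1:
            return encrypt(kd, self.ku)
        return encrypt(self.keys[1], mix(kd, self.ku))

def run_exchange(key_pair: bool, wrong_password: bool = False):
    """Returns (IP released by the module or None, plaintext of one Internet message)."""
    cid, ku = "+86 10 5550 0100", b"user password Ku"   # constructed CID and Ku
    module = FusionModule("192.0.2.10")                  # constructed (TEST-NET) IP
    keys = module.register(cid, ku, key_pair)
    user = UserSide(keys, b"wrong password" if wrong_password else ku)
    d2 = user.steps_2_3(module.step_1(cid))
    ip = module.step_4(cid, d2)
    if ip is None:
        return None, None
    # Internet phase: traffic between the two addresses is encrypted under Kd
    packet = encrypt(user.session_key, b"IP routing and information interaction")
    return ip, decrypt(module.session_key, packet)

if __name__ == "__main__":
    print(run_exchange(key_pair=False))
    print(run_exchange(key_pair=True))
    print(run_exchange(key_pair=True, wrong_password=True))
```

The telecommunication channel and the CID check are outside the example: D1 and D2 are handed directly between the two objects. For the S22 form, in which the user side draws Kd, only step 1 changes sides (the user side calls `encrypt` with Kr and the module decrypts); D2 and the Internet phase are identical. Note that the module must keep Ku available for comparison as the patent describes; a practitioner would normally store a salted hash of Ku instead and compare the hashes, which the exchange permits because Ku is recovered in full at step S21-4.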
It is to be understood that the foregoing examples illustrate the preferred embodiments of the invention by way of illustration and description and are not to be construed as limiting its scope; those skilled in the art can freely combine the above technical features and make changes and modifications without departing from the concept of the present invention, all of which fall within its protection scope; therefore, all equivalent changes and modifications made within the scope of the claims of the present invention should be covered by those claims.

Claims (9)

1. A multi-network integrated security and authentication method, characterized by comprising the following steps:
S1: providing a multi-network fusion module that is connected simultaneously to the Internet and to a telecommunication network;
S2: the multi-network fusion module exchanges security information with a user side through a channel of the telecommunication network, on the basis of the telecommunication network's identity authentication; the security information comprises an encrypted dynamic password Kd and an Internet IP address;
step S2 comprises a step S21:
S21-1: the multi-network fusion module randomly generates a dynamic password Kd, encrypts Kd with a registration password Kr to generate first data D1, and sends D1 to the user side through a channel of the telecommunication network;
S21-2: the user side decrypts D1 with the registration password Kr to obtain the dynamic password Kd;
S21-3: the user side encrypts a user password Ku with the dynamic password Kd to generate second data D2, and sends D2 to the multi-network fusion module through a channel of the telecommunication network;
S21-4: the multi-network fusion module decrypts D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and exchanges the IP address if the two are the same;
or, step S2 comprises a step S22:
S22-1: the user side randomly generates a dynamic password Kd, encrypts Kd with a registration password Kr to generate first data D1, and sends D1 to the multi-network fusion module through a channel of the telecommunication network;
S22-2: the multi-network fusion module decrypts D1 with the registration password Kr to obtain the dynamic password Kd;
S22-3: the user side encrypts a user password Ku with the dynamic password Kd to generate second data D2, and sends D2 to the multi-network fusion module through a channel of the telecommunication network;
S22-4: the multi-network fusion module decrypts D2 with the dynamic password Kd to obtain the user password Ku, compares it with the user password Ku it has stored, and exchanges the IP address if the two are the same;
wherein the exchange of IP addresses in steps S21 and S22 comprises: the multi-network convergence module sending its IP address to the user side, or the user side sending its IP address to the multi-network convergence module.
2. The multi-network converged security and authentication method according to claim 1, wherein:
step S21-2 comprises: the user side receiving the first data D1 transmitted over the telecommunication network, identifying the CID signal, and decrypting D1 with the registration password Kr to obtain the dynamic password Kd;
step S21-4 comprises: the multi-network fusion module receiving the second data D2 transmitted over the telecommunication network, identifying the CID signal, decrypting D2 with the dynamic password Kd to obtain the user password Ku, and comparing it with the user password Ku held in the multi-network fusion module;
and the method further comprises, after step S21-4: the user side and the multi-network fusion module communicating over the Internet using the obtained IP address and the dynamic password Kd.
3. The multi-network converged security and authentication method according to claim 1, further comprising, before step S21-1:
the multi-network fusion module sending a message to the user side;
the user side receiving the message, identifying the CID signal and calling back the multi-network fusion module;
the multi-network fusion module receiving the callback, identifying the CID signal, going off-hook and establishing channel communication over the telecommunication network with the user side;
and, after step S21-4: the user side and the multi-network fusion module communicating over the Internet using the obtained IP address and the dynamic password Kd.
4. The multi-network converged security and authentication method according to claim 1, further comprising, before step S21-1:
the multi-network convergence module calling the user side;
the user side receiving the call signal, recognizing the CID signal, going off-hook and establishing channel communication over the telecommunication network with the multi-network convergence module;
and, after step S21-4: the user side and the multi-network fusion module communicating over the Internet using the obtained IP address and the dynamic password Kd.
5. The multi-network converged security and authentication method according to claim 1, further comprising, before step S21-1:
the user side sending a message to the multi-network fusion module;
the multi-network fusion module receiving the message, identifying the CID signal and calling back the user side;
the user side receiving the callback, recognizing the CID signal, going off-hook and establishing channel communication over the telecommunication network with the multi-network fusion module;
and, after step S21-4: the user side and the multi-network fusion module communicating over the Internet using the obtained IP address and the dynamic password Kd.
6. The multi-network converged security and authentication method according to claim 1, further comprising, before step S21-1:
the user side calling the multi-network convergence module;
the multi-network integration module receiving the call, identifying the CID signal, going off-hook and establishing channel communication over the telecommunication network with the user side;
and, after step S21-4: the user side and the multi-network fusion module communicating over the Internet using the obtained IP address and the dynamic password Kd.
7. The method for multi-network converged security and authentication according to any one of claims 1 to 6, wherein the registration password Kr is generated when the user terminal registers with the multi-network converged module and is a key pair comprising a first key K1 and a second key K2;
in the step of encrypting the dynamic password Kd with the registration password Kr to generate the first data D1, D1 is generated by encrypting Kd with the first key K1;
in the step of decrypting D1 with the registration password Kr to obtain Kd, D1 is decrypted with the first key K1 to obtain Kd;
in the step of encrypting the user password Ku with the dynamic password Kd to generate the second data D2, Kd and Ku are first combined by an operation to obtain an intermediate code Kdu, and Kdu is then encrypted with the second key K2 to generate D2;
in the step of decrypting D2 with the dynamic password Kd to obtain Ku, D2 is decrypted with the second key K2 to obtain the intermediate code Kdu, and the operation is then applied to Kdu with Kd to recover Ku.
8. A multi-network converged security and authentication system, characterized by comprising a multi-network converged module and a user side, wherein the multi-network converged module is connected simultaneously to the Internet and to a telecommunication network; the multi-network fusion module exchanges security information with the user side through a channel of the telecommunication network on the basis of the telecommunication network's identity authentication; the security information comprises an encrypted dynamic password Kd and an Internet IP address; and the multi-network convergence module and the user terminal exchange the encrypted dynamic password Kd and the Internet IP address using the method of step S21 or step S22 of claim 1;
wherein the exchange of the IP address comprises: the multi-network convergence module sending its IP address to the user side, or the user side sending its IP address to the multi-network convergence module.
9. The multi-network converged security and authentication system according to claim 8, wherein the multi-network converged module comprises an algorithm module and a control logic module; the algorithm module communicates with the outside through a channel of the telecommunication network and instructs the control logic module to act; and the control logic module logically connects the controlled object to the Internet or to the telecommunication network.
CN201611143709.2A 2016-12-13 2016-12-13 Multi-network integrated security and authentication method and system Active CN106657045B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201611143709.2A CN106657045B (en) 2016-12-13 2016-12-13 Multi-network integrated security and authentication method and system
PCT/CN2017/115055 WO2018108022A1 (en) 2016-12-13 2017-12-07 Multi-network integration security and authentication method and system

Publications (2)

Publication Number Publication Date
CN106657045A CN106657045A (en) 2017-05-10
CN106657045B true CN106657045B (en) 2020-10-13

Family

ID=58825814

Country Status (2)

Country Link
CN (1) CN106657045B (en)
WO (1) WO2018108022A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106657045B (en) * 2016-12-13 2020-10-13 翁印嵩 Multi-network integrated security and authentication method and system
CN110121202B (en) * 2018-02-07 2021-06-15 成都鼎桥通信技术有限公司 Access method and terminal equipment
CN109299942A (en) * 2018-09-28 2019-02-01 新明华区块链技术(深圳)有限公司 It is a kind of applied to the key management method of block chain and internet, apparatus and system
CN110708225A (en) * 2019-11-25 2020-01-17 南京菲尔德物联网有限公司 Wireless intelligent home system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1372201A (en) * 2002-04-03 2002-10-02 张平 Novel network safety method
CN101835130A (en) * 2010-04-28 2010-09-15 候万春 System and method for authenticating and authorizing Internet communication through mobile communication network
CN102437914A (en) * 2010-12-08 2012-05-02 袁永亮 Method by utilizing telecommunication network to supply user identity label and user identity authentication to Internet service
CN104735027A (en) * 2013-12-20 2015-06-24 中兴通讯股份有限公司 Safety authentication method and authentication certification server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444513B2 (en) * 2001-05-14 2008-10-28 Nokia Corporiation Authentication in data communication
CN103795724B (en) * 2014-02-07 2017-01-25 陈珂 Method for protecting account security based on asynchronous dynamic password technology
CN106657045B (en) * 2016-12-13 2020-10-13 翁印嵩 Multi-network integrated security and authentication method and system

Also Published As

Publication number Publication date
CN106657045A (en) 2017-05-10
WO2018108022A1 (en) 2018-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant